fedorafandomcom-20200214-history
FTP Server (VSFTPD)
What is FTP? File Transfer Protocol is what is acronym stands for. In simple terms it is a way to get files from one computer to another over a network. Most people use it quite often and do not realize it. Most times a file is downloaded it is though an FTP server. FTP servers run on ports 20 and 21. FTP is not encrypted in any way shape or form. This means that if someone was intercepting traffic on the network the file was being transferred over then they could reconstruct the file. This is rather easy to do. Another security risk with FTP is the password goes over the network in plain text. If the same person that reconstructed the file wanted they could easily get you user name and password as well. Fedora's default FTP Server is vsftpd which stands for Very Secure FTP Daemon. This server is simple for a basic application and relatively secure. Still has no default encryption but it can be added. The Defaults do not allow any access to the system except for the ftp directory. While this guide will help you setup a basic FTP server in Fedora, it is by no means an all encompassing FTP Server Documentation. For better documentation on vsftpd please visit their online manual page. Installing Installing vsftpd is just like installing any other software in Fedora. yum install vsftpd Anonymous Read Only Access (Most common use) drop a file in /var/ftp/ and then make sure the file is readable by all chmod 744 then open a web browser or ftp client of your choice and point it at your new ftp server. The file should appear there. Read Write Access for Local User Accounts Open the configuration file located at /etc/vsftpd/vsftpd.conf and find the line that has #write_enable=YES remove the # to enable the line and then find the following line #local_enable=YES remove the # to enable the line and then save the file. Now we need to restart the ftp server to activate the changes service vsftpd restart The local system users should be able to log in and transfer file to the FTP server. Secure FTP transfers(FTPS) FTP passwords and data are all sent in plain text, making passwords, usernames, and sensitive files vulnerable to being "sniffed" by protocol analysers (or packet sniffers) like Wireshark; this is especially dangerous when performing FTP transfer over the Internet or over networks whose physical security cannot be guaranteed. Thus, today, FTP is usually used for public-access anonymous FTP servers in which users are not to have write access - for example, the source code to the Linux kernel and many other open source softwares are often distributed over anonymous FTP. Though it remains popular for some enterprises to perform plain-text FTP transfers over the global Internet, this is ill-advised. Alternative solutions like SFTP and FTPS should be sought. FTPS client and server configuration will be covered here. Secure Sockets Layer (SSL) is a simple and flexible way to provide relatively strong encryption for FTP service; vsftpd integrates well with openssl. SSL is the same protocol used to encrypt sensitive HTTP traffic to and from web servers, such as banks and shopping sites. Note that using FTP with SSL (sometimes called FTPS, not to be confused with [http://en.wikipedia.org/wiki/SFTP SFTP]) will require FTP client software capable of SSL authentication. Filezilla is a cross-platform FTP client that supports SSL authentication. On Fedora, FileZilla can be installed with yum install filezilla; the Win32 client can be obtained at the FileZilla website. The Linux-exclusive gFTP also supports SSL encryption (yum install gftp). SSL setup First, vsftpd should be configured to work with SSL and to deny "standard" FTP access: file block here Second, OpenSSL must be installed in order to generate SSL keys. On Fedora, install OpenSSL with: # yum install openssl (coming soon...)WHERE?